Overview

The Problem

You may have already deployed data security controls such as encryption, DLP, and data access policies. These controls are good, but are they sufficient? Are they working properly on your endpoint systems? How can you be sure?

Consider these issues:

Agent-based security systems such as encryption, DLP, and host attack prevention (e.g. antivirus) are good, but they are only deployed onto managed systems. They do not protect your network from “unmanaged” systems – computers brought in by guests, contractors, smart printers, and smart phones for example. These kinds of systems may be connecting to your network in large numbers and introducing security risk.

Agent-based security systems are not always effective. They can be turned-off. Bypassed. The policies and signature files can become out of date. Most organizations who have suffered embarrassing and expensive data breaches have discovered this fact the hard way. An investigation by Microsoft in 2007 indicated that over 50% of their own computers had a problem with their security agents or configuration.

You may also have security policies that prohibit running unauthorized applications or utilizing unencrypted USB memory devices. But how do you detect whether users are complying with your policies? How do you educate users of your policies? How do you enforce your policies?

The Solution

ForeScout CounterACT solves these problems. CounterACT is an automated security control platform that gives you realtime visibility and control over both managed and unmanaged endpoints. Since CounterACT operates over the network, it does not rely on host-based software, thus it avoids the complexity and problematic nature of agent-based security systems.

ForeScout CounterACT includes five layers of data security protection:

Network Access Control

ForeScout CounterACT will enforce network access policies to ensue that unauthorized users and rogue network devices are not on your network.

Endpoint Compliance

A secure system is less likely to lose data than one which is infected or compromised. ForeScout CounterACT ensures that your endpoint systems have up-to-date security software (antivirus, encryption, etc.) and are properly patched.

ForeScout CounterACT is agentless, which allows it to work with your endpoints–managed and unmanaged, known and unknown, physical and virtual. CounterACT can discover gaps and weaknesses in your existing agent-based security systems that would otherwise go undetected.

Automated Remediation

ForeScout CounterACT can automatically remediate endpoint security deficiencies. CounterACT includes a wide spectrum of remediation options which lets you tailor the action to fit the severity of the incidence:

Notifications can be sent to violating users in the form of a trouble ticket, email, browser redirect, trap, or syslog. An auditable end-user acknowledgement lets you track non-compliance warnings to users.

Access Control can be automatically applied to limit network access for non-compliant devices without disrupting user productivity while remedial action is taken. For example, if a device has out-of-date anti-virus definitions, the device can be moved to a quarantine VLAN, or the access control list (ACL) on the switch can be adjusted to protect other users on the network.

Remediation can be triggered, for example by directing the anti-virus server to auto-update a specific device or prompting the patch management system to update the device’s operating system.

Disabling can be performed by killing unauthorized processes and applications on the endpoint.

User Behavior Control

ForeScout CounterACT lets you monitor who is running forbidden applications such as P2P, or using USB memory sticks, etc. Send users who are violating policies just-in-time notifications, including an auditable acknowledgement that the user has read the security policy that they just violated. Optionally disable or kill prohibited devices or processes.

Automated actions

ForeScout CounterACT sees problems in real-time and can react without the need for manual intervention. Response is fast, and valuable time of IT administrators is not wasted.

Non-disruptive

Unlike simplistic products that disrupt users with heavy-handed security controls, ForeScout CounterACT offers a full spectrum of enforcement actions ranging from gentle (notifications) to more assertive (update software) to most aggressive (kill process, block from network). The range of enforcement actions helps you be more successful by working with users, not against them.

Compatible

ForeScout CounterACT works with what you have–your existing switches, routers, firewalls, endpoints, patch management systems, antivirus systems, directories, ticketing systems. We take what you have and make it better.

Accelerated results

ForeScout CounterACT provides useful results on Day 1 by giving you visibility to problems on your network. The built-in knowledge base helps you configure security policies quickly and accurately.